| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2026-4429 | OSM <= 6.1.15 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'marker_name' Shortcode Attribute | photoweblog | OSM – OpenStreetMap | Medium | 6.4 | 2026-04-09 02:25:06 | Deep Dive |
| CVE-2024-8991 | OSM <= 6.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via osm_map and osm_map_v3 Shortcodes | photoweblog | OSM – OpenStreetMap | Medium | 6.4 | 2024-09-27 06:53:59 | Deep Dive |
| CVE-2024-3604 | OSM – OpenStreetMap <= 6.0.3 - Authenticated (Contributor+) SQL Injection | photoweblog | OSM – OpenStreetMap | Critical | 9.9 | 2024-07-09 08:33:12 | Deep Dive |
| CVE-2024-3603 | OSM – OpenStreetMap <= 6.0.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode | photoweblog | OSM – OpenStreetMap | Medium | 6.4 | 2024-07-09 08:33:07 | Deep Dive |
| CVE-2022-30544 | WordPress OSM – OpenStreetMap Plugin <= 6.0.1 is vulnerable to Cross Site Request Forgery (CSRF) | MiKa | OSM – OpenStreetMap | Medium | 4.3 | 2023-01-17 04:23:59 | Deep Dive |